Internet abusers often use free e-mail services and blogging sites to launch their attacks. For example, spammers typically register for free e-mail accounts and use these e-mail accounts to send spam. Moreover, the spam e-mails typically encourage users to follow links contained in the e-mails, and these links often point to web sites where users can host content for free, such as blogging sites or photo-sharing sites. In some cases, the content hosted on these sites contains viruses, phishing, or other malicious content that the abusers want to propagate. In other cases, visiting the site simply serves to confirm that the spam e-mail reached a real user, or to collect conversions when users buy the products advertised in the spam.
Using a service as a launch point for attacks tends to devalue the service, since the public may come to associate the abuse with both the service and the service's domain name. Hosting the abusive activity is expensive for the service provider, and is also detrimental to both the provider and to the provider's legitimate users. Thus, responsible service providers often seek to ban abusive activity from their services.
However, banning abusive activity from a service is difficult. Distinguishing legitimate users from non-legitimate users is a hard problem. The fact that a new e-mail account is associated with a spammer may not become apparent until the spammer has used the account to send many e-mails (e.g., fifty). The service provider can shut down the account quickly after the abuse is detected, but by that time the damage already has been done. The spammer then can register for another e-mail account and can send another fifty e-mail messages from the new account.
Service providers can ask a user to prove his or her legitimacy before giving the user access to services. Various techniques exist to allow users to prove their legitimacy. For example, a web mail service might ask a user to respond to a text message, or to call a phone number. The goal of these techniques is to increase the cost of obtaining access to a service beyond the level that would be acceptable to a typical abuser. However, many of these techniques fail to achieve their goal. Some techniques are too expensive for the service provider to implement. Some impose too little cost on abusers to deter abusive activity. Some impose too great a cost on legitimate users, which discourages legitimate users from using the service and threatens the traffic/advertising-based revenue model of such services.